The course is intended for those who have audit responsibilities that include a Unix operating system environment. It explains the security and reliability of the Unix operating system to the auditor, from a security control audit perspective. The purpose is to help participants acquire an in-depth understanding of UNIX security, so they can perform hands-on UNIX security audits covering business and technical aspects. The skills acquired in this training will help participants plan and execute UNIX operating system security control audits, and identify and present reportable conditions to management for remediation.
Deliverables include UNIX audit checklists, sample security audit scripts, and report formats embedded in the course materials.
• Unix Processes: The ps command, daemon processes, cron daemon, validating executables
• Unix Startup and Shutdown: Shutdown, booting UNIX, init states, rc scripts, fsck, single user mode booting
• The Unix File System Structure: File and directory permissions, locating a UNIX file – the find command, disk management information
• Managing users: Logging in, the superuser, /etc/passwd and /etc/shadow, control files in /etc affecting users and user sessions, password quality controls, session records, groups, profiles, managing application systems – users, groups and file accesses
• Secure Inter-Server Working: Network services, the services file, inetd.conf, examples of insecure services
• System Compromise, Detection and Response: Programmed threats, determine if your system has been compromised, steps for recovering from a UNIX root compromise, software tools
• Unix Security Vulnerability/Risks: Auditing for Unix system reliability.
• Reporting Unix Audit Findings.